Extract from Trudy Knockless’s article “It’s Just a ‘Cookie’—Until It’s a Lawsuit: Why Website-Tracking Risks Have Become Too Big to Ignore”
For in-house lawyers, ‘cookie’ compliance has become a fast-evolving, high-risk issue, one that’s attracting aggressive litigation and state-level enforcement.
That was the message from Elliot Golding, a Washington, D.C.-based partner at McDermott Will & Schulte, during a recent JD Supra webinar hosted by the law firm. The session, titled “Navigating Cookie and Website Compliance in 2025: Insights and Strategies for In-House Counsel,” walked through the mounting legal and technical risks associated with cookies, pixels, session replay tools and other tracking technologies—and what legal departments can actually do about them.
Golding, who focuses on proactive compliance and business risk counseling, warned that regulatory scrutiny has intensified, with more than 20 U.S. states now having privacy laws on the books, many of which include opt-out requirements for sales, sharing or targeted advertising. But enforcement is just one side of the coin. The other: a rising tide of plaintiff litigation, much of it repurposing 1960s-era wiretapping laws for the digital age.
“We’re seeing dozens of plaintiffs’ firms sending hundreds or thousands of cookie letters every month,” Golding said.
